Google is beta-testing a program that uses smartphone location data to determine when consumers visit stores, according to agency executives briefed on the program by Google employees. Google then connects these store visits to Google searches conducted on smartphones in an attempt to prove that its mobile ads do, in fact, work.
...
Google’s ability to make this connection is predicated on users opting in to location services on their smartphones and thus, in some cases, being subject to constant location monitoring.

isn't that because there is no need to block google on non google OS's?

Click to expand...

From that article...

But Google can also constantly track the location of iPhone users by way of Google apps for iOS, Apple’s mobile operating system
...
Google’s namesake iOS app — commonly referred to as Google mobile search — continues collecting a user’s location information when it runs in the background. This information is then used to determine if that user visited a store and whether that store visit can be attributed to a search conducted in the app. Store visits can also be tracked via Google’s other iOS apps that use location services. If iOS users open their Chrome, Gmail or Google Maps app in a store, their location can be deemed a store visit. Location sharing is opt-in for all these apps.

Click to expand...

Things like the advertising ID built into some platforms (Android, IOS, .?.) and being signed into certain types of accounts will only make it easier for companies to uniquely identify you and correlate things.

Things like the advertising ID built into some platforms (Android, IOS, .?.) and being signed into certain types of accounts will only make it easier for companies to uniquely identify you and correlate things.

Click to expand...

all that can be turned off with a few simple swipes on iOS without the need to root/jailbreak and without breaking functionality of the app

non issue on iOS is what i was trying to say as google have to respect apples policies on iOS. obviously not the same on android

@treehouse786: I figured you probably meant that Google apps could be prevented from using IOS's location service. However, given the potential for IOS users to allow that, I thought it best to pull out that quote from the article.

It would be interesting to see statistics for how many people completely disable location services (a miniscule percentage I suspect) and how many enable it but are genuinely selective about allowing specific apps to use it (a small minority I suspect). If my suspicions are correct, many users would be vulnerable to the type of tracking discussed here. Be it performed by Google or some other entity.

It would be interesting to see statistics for how many people completely disable location services (a miniscule percentage I suspect)

Click to expand...

as someone who supports a lot of iOS devices (BYOD), i would agree with you

and how many enable it but are genuinely selective about allowing specific apps to use it (a small minority I suspect)

Click to expand...

i disagree with you on this one, roughly 99% of iOS devices i encounter have denied location services to at least 1 app

I'm under the impression that IOS users *can't* actually turn off (prevent apps from reading) the IOS advertising ID or control it on a per-app basis. If you've seen something to the contrary I'd appreciate a link

Click to expand...

i'm not sure on this one, by reading the paragraph in the second pic it seems to be unclear as to whether if apps have initial access to the AID but have no right to act on it or have no right in the first place

however, a simple screen press to reset the global AID is an excellent addition by apple

the most powerful tool (in my opinion) on iOS to prevent tracking would be the ability to fully close apps which are not on use at the screen. i personally dont have a problem with google tracking me if i am activley using one of their apps (on screen) so its good to know that their tracking would instantly be stopped via me simply opening another app or by closing theirs

i'm not sure on this one, by reading the paragraph in the second pic it seems to be unclear as to whether if apps have initial access to the AID but have no right to act on it or have no right in the first place

Click to expand...

The developer library quote I pointed to in the other thread makes it somewhat clearer I think: "advertisingTrackingEnabled: Check the value of this property before performing any advertising tracking. If the value is NO, use the advertising identifier only for the following purposes: frequency capping, conversion events, estimating the number of unique users, security and fraud detection, and debugging". Apple can't police how it is used on servers though.

treehouse786 said:

however, a simple screen press to reset the global AID is an excellent addition by apple

Click to expand...

That could help, assuming the user resets it very frequently and there are no undesired consequences from doing that. However... and I failed to mention this in that other thread... what would stop an app/server from keeping a history of advertising IDs that were seen on your device?

treehouse786 said:

i personally dont have a problem with google tracking me if i am activley using one of their apps (on screen) so its good to know that their tracking would instantly be stopped via me simply opening another app or by closing theirs

Click to expand...

Well this is why I brought up the cross-app advertising ID. Theoretically you could close a Google App which would stop *it* from causing tracking data to be sent to Google and then open another NON-Google app that resumes causing tracking data to be sent to Google. This could work because both apps have access to the same ID and thus the data they phone home can be correlated. Note: I'm not aware of any other apps feeding data to Google in such a way, I'm just trying to point out what it possible.

The developer library quote I pointed to in the other thread makes it somewhat clearer I think: "advertisingTrackingEnabled: Check the value of this property before performing any advertising tracking. If the value is NO, use the advertising identifier only for the following purposes: frequency capping, conversion events, estimating the number of unique users, security and fraud detection, and debugging". Apple can't police how it is used on servers though.

Click to expand...

but they can police what they pass on in the first place. seems to me that if the value is 'NO' then all the developers receive is a random identifier

That could help, assuming the user resets it very frequently and there are no undesired consequences from doing that. However... and I failed to mention this in that other thread... what would stop an app/server from keeping a history of advertising IDs that were seen on your device?

Click to expand...

i don't see that as a legitimate concern as there are too many assumptions that have to be made. not much difference from me wondering if all mobile OS's creators are collaborating together for maximum profit. also, you seem to differentiate between the unique AID and another form of device identifier, as far as i know there is only the the 1 ID available for apps to use on iOS so i dont see how keeping a record of random ID's would help anyone link it to to other ID's. that is the whole purpose of the 'reset advertising identifier' option in iOS.

Well this is why I brought up the cross-app advertising ID. Theoretically you could close a Google App which would stop *it* from causing tracking data to be sent to Google and then open another NON-Google app that resumes causing tracking data to be sent to Google. This could work because both apps have access to the same ID and thus the data they phone home can be correlated. Note: I'm not aware of any other apps feeding data to Google in such a way, I'm just trying to point out what it possible.

Click to expand...

this is an excellent point. although it again requires assumptions, this is a much more reasonable assumption than your previous one in my opinion. however as i somewhat already touched on, to expect to not be tracked whilst an app is running on the main screen is to be charitable to say the least but once an iOS user puts the phone in their pocket... the policies which are only a few swipes away decide what happens next

but they can police what they pass on in the first place. seems to me that if the value is 'NO' then all the developers receive is a random identifier

Click to expand...

I would expect there to be cases where additional information is phoned home with the advertising ID. Example: App1 is some kind of search app that displays ads in the results. The advertising ID is allowed to be used for "frequency capping, conversion events, estimating the number of unique users" even when the Limit Ad Tracking feature is enabled. So one or more of those should provide cover for phoning the advertising ID home with every search. What the developer might do is phone home the search terms along with the advertising ID along with a LimitAdTracking boolean. So if/when Apple actually studied the code it would appear that the server would be honoring that boolean when deciding how to select ads. Another example: App2 is a financial app of some sort that phones home the advertising ID with every request (that accesses an account for which personal information is known). In addition to the exclusions previously mentioned, this app would also have the "security and fraud detection" exclusion available to it.

treehouse786 said:

i dont see how keeping a record of random ID's would help anyone link it to to other ID's. that is the whole purpose of the 'reset advertising identifier' option in iOS.

Click to expand...

The reset feature causes a new advertising ID to be generated. The idea being that if/when you reset it you detach yourself from information correlated with the previous advertising ID. If the user signed into an account while using the old advertising ID and later signed into the same account while using the new advertising ID they'd be "linking" their two advertising ID's together via activity. Another potential way such linking could be done is via an app that persists a "last seen advertising ID" variable. When that app retrieves the advertising ID it would compare it to the saved one, and if they don't match it would phone home both. The server would then know that it is dealing with the same device/user and can handle its database appropriately.

Yes, I am making assumptions in the sense that I'm trying to mentally think of ways which these cross-app advertising IDs can be abused. Not just on IOS mind you.

Who *isn't* NSA these days? Pick your poison, but I just think Android offers you the most choices to remain private if you put in the work.

Again, I know nothing about what can be done to a Jail Broken iDevice. I'm pretty sure there isn't an open source version of iOS, but maybe you can spoof MACs, Machine Names, Permissions and Firewall it if you Jail Beak? Out of the box, taking advantage of all offered services, they are both atrocious. IMO.